Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

 According to KRQE 13 Albuquerque, investigators said it appears that white powder that was sent to a staff member at an Albuquerque, New Mexico school in an envelope Monday is not a dangerous biological chemical. Ten people were taken to a hospital as a precaution. (See item 15)

15. February 2, KRQE 13 Albuquerque – (New Mexico) Investigators: White powder not deadly. Investigators in Albuquerque, New Mexico said it appears that the white powder, which was sent to a staff member at Taft Middle School in an envelope Monday, is not a dangerous biological chemical. Presumptive tests show the powder is not life threatening, but it has been sent to a state lab for additional testing. “It’s an oxiding type of powder, maybe something you find in a cleaner that’s why we’re getting signs of respiratory distress from the folks inside you breath it in, it’s an irritant, but again we take this serious,” a New Mexico National Guard official said. In all, 10 people were taken to University of New Mexico Hospital as a precaution. The administrator, who opened the envelope, said she immediately had trouble breathing. She was taken to a quarantined area and sent to the hospital. Four other teachers and support staff, who were around at the time, were also taken to the hospital. One resource officer and four Los Ranchos fire fighters, who arrived at the scene first, were also sent to the hospital. State Police said the envelope did not have a return address or letter inside it. It was addressed to Taft Middle School, in care of a staff member. “It was mailed and the postal service has responded, and their inspectors are going to be looking into who sent the letter,” the APS police chief said. The students were put on lockdown and all left safely just after 3:00 p.m. Source: http://www.krqe.com/dpp/news/crime/crime_krqe_albuquerque_taft_powder_200902021550

 WTOV 9 Steubenville reports that Bellaire, Ohio residents are permitted to use water again after crews accidentally added about 40 pounds of hydrochloric acid to the water system instead of fluoride on Sunday. A supplier accidentally gave the plant hydrochloric acid instead of fluoride. (See item 21)

21. February 3, WTOV 9 Steubenville – (Ohio) Bellaire chemical mix-up in water ‘very serious mistake.’ Bellaire, Ohio residents are permitted to use water again after crews accidentally added hydrochloric acid to the system instead of fluoride. A supplier, Ohio Valley Chemical, accidentally gave the plant hydrochloric acid instead of fluoride, said the superintendent of the water department. He said workers at the treatment inadvertently added about 40 pounds of hydrochloric acid to the system on Sunday. They realized the mistake Monday morning when they saw fluoride levels were lower than normal. “It was a mistake. It could happen to anybody. It was a very serious mistake, (but) it could have been worse,” he said. He said the fact that the wrong acid was delivered — and ended up in the water system — was both the department’s and the suppliers’ fault. He said Ohio Valley Chemical, based in Martins Ferry, is not the department’s usual supplier. To remedy the problem, crews opened up hydrants and drained the system, tanks, and water plant. Police said the water was deemed safe as of 12:30 p.m. Tuesday. Because officials did not immediately know how much acid was in the water, customers were initially urged to avoid using tap water, and classes at Bellaire High School were dismissed at 8:15 a.m. The incident affected between 2,300 and 2,400 people, officials said. Source: http://www.wtov9.com/news/18621661/detail.html

Details

Banking and Finance Sector

7. February 2, Bloomberg – (National) Fed says most U.S. banks tightened terms on loans. A majority of U.S. banks made it tougher for consumers and businesses to get credit in the past three months even as lenders received infusions of taxpayer funds, a Federal Reserve report showed today. “About 65 percent of domestic banks reported having tightened lending standards on commercial and industrial loans to large and middle-market firms,” the Federal Reserve said in its quarterly Senior Loan Officer survey. “Large fractions of domestic banks continued to report a tightening of policies on both credit-card and other consumer loans.” Today’s report may underscore concern among Presidential Administration officials and some U.S. lawmakers that banks that have received more than $200 billion of taxpayer funds are failing to lend that on to customers. The Treasury Secretary plans to unveil an overhaul of the government’s financial-bailout program next week, an administration aide said. The survey showed that lending overall was only slightly less restrictive than in the third quarter, when the Lehman Brothers Holdings Inc. failure reverberated throughout the financial system. The Fed noted that nearly all banks surveyed tightened standards on commercial real-estate loans last year. Source: http://www.bloomberg.com/apps/news?pid=20601103&sid=aB_mZZruz7_o&refer=us

8. February 2, Idaho Business Review – (Idaho) Bank card ‘phishing’ scams with new twists target Idahoans. Criminals trying to obtain credit and debit card numbers have expanded their attack on Idaho consumers, the Idaho attorney general warned today. Idaho First Bank in McCall has informed the attorney general’s office that numerous people have contacted the bank to report suspicious e-mails, text messages and cell phone calls. Idaho First Bank is not sending these messages. The fraudulent messages are designed to appear that they came from the bank and ask recipients to provide their credit or debit card number. The cell phone calls play a recording that asks the recipient to immediately enter their card account number through the cell phone. Last week, the Idaho attorney general warned consumers not to respond to fraudulent text messages that looked like they came from Bank of the Cascades. There have also been recent news reports of similar messages fraudulently claiming to be from a credit union in Yakima, Washington. Source: http://www.idahobusiness.net/archive.htm/2009/02/02/Bank-card-phishing-scams-with-new-twists-target-Idahoans

9. February 2, Pacific Business News – (Hawaii) Hawaii bankers warn of phone scam. Credit and debit cardholders in Hawaii are targets of a new phone “phishing” scam, said the Hawaii Bankers Association. In the scam, an automated recorded message identifying the caller as representing a local bank asks for the person’s credit or debit card number and PIN number. “No legitimate financial institution will ever solicit its customers for personal account information over the phone or online,” said the association in a statement. Anyone who has responded to questionable phone calls or e-mails are asked to contact their bank’s customer-service department. Source: http://www.bizjournals.com/pacific/stories/2009/02/02/daily8.html

10. February 2, Nextgov – (National) GAO: Bank Secrecy Act data at risk of disclosure. Ineffective information security controls at an anti-fraud agency within the Treasury Department have left sensitive personal and financial data vulnerable to abuse, according to a Government Accountability Office report released on January 30. Auditors found that Treasury’s Financial Crimes Enforcement Network (FinCEN) allowed multiple users to share accounts to download data, maintained poor control of passwords and accounts, failed to restrict access to sensitive files and did not encrypt all sensitive data. In addition, security guards did not inspect laptop computers entering and exiting the FinCEN facility, increasing the risk that an unauthorized user could introduce malicious software or remove sensitive data without permission, the report (GAO-09-195) stated. “As a result [1970 Bank Secrecy Act] data — containing highly sensitive personal and financial information about private individuals that is used by the law enforcement community to identify and prosecute illegal activity — are at an increased risk of unauthorized use, modification, or disclosure,” GAO stated. Source: http://www.nextgov.com/nextgov/ng_20090202_4418.php

Information Technology

27. February 2, DarkReading – (International) Glitch causes Google to issue false malware warnings. A glitch in Google over the weekend rendered the site virtually inoperative for almost an hour and falsely warned users that the sites they were searching contained malware. According to a statement by the vice president of search products and user experience at Google, the problem was “very simply, human error. Google flags search results with the message ‘This site may harm your computer’ if the site is known to install malicious software in the background or otherwise surreptitiously. They do this to protect our users against visiting sites that could harm their computers. “We periodically receive updates to that list and received one such update to release on the site [Saturday] morning,” the vice president continued. “Unfortunately, the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file,” the vice president said. “Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.” Google initially blamed StopBadware, an industry group that collects and updates a list of malware sites, for the problem. However, the source of the problem actually resided in Google’s own malware list, according to news accounts. Google says the problem is now fixed, so if users get a message that a particular site may contain malware, they should heed it. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=35LA4DR1HIG4KQSNDLRSKHSCJUNN2JVN?articleID=213000451

28. February 2, Computerworld – (International) Study: Data breaches continue to get more costly for businesses. Companies that are reluctant to invest what it takes on data security better be prepared to pay a lot more if their systems are ever breached. That’s the main take-away from a new report released by the Ponemon Institute LLC, which shows that the average cost of a data breach to companies is continuing to increase. Ponemon said the breaches from last year that it studied cost an average of about $202 for each compromised customer record. That is 46 percent higher than the $138 per record that Ponemon cited in its first annual report on breach costs, for 2005. The average cost had previously increased to $182 in 2006 and $197 in 2007, according to Ponemon. The cost-per-record figures include direct expenses for breach detection, mitigation, notification and response efforts, as well as indirect costs, such as the financial impact of customer defections and lost business opportunities. Ponemon said the average overall cost of the breaches covered in the new report was more than $6.6 million, with individual companies reporting costs that ranged from $613,000 to almost $32 million. The report was based on a study of breaches at 43 large companies from 17 different industries. The number of customer records that were compromised in the breaches ranged from less than 4,200 to more than 113,000. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9127147&taxonomyId=17&intsrc=kc_top

Communications Sector

29. February 3, Telx – (New Jersey; New York) Telx chooses AboveNet dark fiber to link New York Metro area data centers. Telx, an interconnection and colocation data center operator, has chosen AboveNet, a fiber optic connectivity provider, to link its New York and New Jersey-based data centers with dark fiber. Customers installing equipment in one of Telx’s four New York area facilities will have low latency in their connections between these locations, and the option to connect directly to more than 500 other carrier and enterprise customers over a Telx-managed optical transport network. The new AboveNet dark fiber optical network connects Telx’s four primary New York metro area data centers by using diverse fiber routes with two separate Hudson River crossings. “Physical path diversity was a critical design element of the network to ensure the highest reliability for customers, especially those working in top-tier financial services where there is zero tolerance for network interruption. In addition, the dark fiber and optical transport offers the lowest possible latency for customers connecting to financial institutions’ networks that are colocated in Telx facilities, such as Gargoyle Strategic Investments LLC. and ACTIV Financial,” said the executive vice president of engineering and operations at Telx. Source: http://biz.yahoo.com/bw/090203/20090203005204.html?.v=1

30. February 2, CNET News – (International) Sony points to finger veins for gadget security. Sony is taking biometrics from the surface of the finger to the inside with a new vein authentication technology that could show up on mobile devices within the year. The compact, camera-based system, called “Mofiria,” uses a CMOS sensor to diagonally capture scattered light inside the finger veins. Data from the pattern is compressed, making it possible for the information to be stored on gadgets like laptops or cell phones. Sony says vein authentication technology achieves higher accuracy and produces faster reads than other biometric authentication techniques, such as fingerprint or retinal scans. Finger vein patterns differ from person to person and finger to finger, Sony noted, and do not change over the years. Also, they’re much easier to remember than passwords. Sony claims that false rejection rate for the system is less than 0.1 percent and processing time for identification takes only about 0.015 seconds using a personal computer CPU and about 0.25 seconds using a mobile-phone CPU. Source: http://news.cnet.com/8301-17938_105-10154711-1.html?part=rss&tag=feed&subj=News-Security

31. February 2, Salt Lake Tribune – (National) Extender boosts cell phone signals. Verizon Wireless has started selling a book-sized device that boosts cell phone signals within a home for $250, making it easier for people to drop a home phone line and rely solely on wireless. The Verizon Wireless Network Extender needs to be connected to a broadband Internet line. Then it acts a miniature cellular tower, listening for signals from a subscriber’s cell phone. It covers up to 5,000 square feet. Such devices are known as “femtocells.” Verizon Wireless, the country’s largest carrier, is following in the footsteps of Sprint Nextel Corp., which started selling a femtocell under the Airave brand nationwide last year. The Airave costs $100, but Sprint charges an extra $5 per month for use. Verizon Wireless is not charging a monthly fee. Source: http://www.sltrib.com/technology/ci_11610177

32. February 2, San Antonio Express-News – (Arkansas; Oklahoma; Texas) AT&T data outage lasts four hours. Dallas-based wireless telecommunications giant AT&T Inc. has repaired a wireless network outage that left some customers in San Antonio and other parts of Texas, Oklahoma and Arkansas unable to use data services for more than four hours on February 2. The outage made it impossible for many customers to send and receive data via the company’s high-speed 3G network and over its older wireless data network, EDGE. Affected devices displayed a message saying, “data connection refused.” The outage was the result of a cut in a large-capacity fiber-optic line, an AT&T spokesman said. The company restored service around 3 p.m. Source: http://www.mysanantonio.com/business/38834267.html

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"